K wrote:
> 4/ Poor exploit mitigation under Solaris. In comparison, OpenBSD,
> grsec Linux and Windows => XP SP2 have really good exploit
> mitigation.... It is a shame because Solaris offered a non-exec stack
> before nearly everyone else... but it stopped there... no heap
> protection, etc...

Have you looked at privileges(5), and in particular at how little privilege many of the system daemons run with - sometimes even *less* privilege than a normal user login?

Heap protection isn't the only way, and it only protects against certain types of exploit. It doesn't help protect against logic flaws that get a program to do something it shouldn't but could, but without giving it new code to run.

Though what this has to do with Xen or ZFS I don't know; this is a topic that would be better for security-discuss, so I've set the reply-to there.

--
Darren J Moffat